Control: tags 662903 + security

On Wed, 2012-03-07 at 14:09 +0800, Paul Wise wrote:
> apertium-dbus sets up debugging output to /tmp/mode.log and then never
> uses it. It should not setup this log file at all if it will not use
> it.
Turns out this is a minor security issue. An attacker could create
arbitrarily named empty files as the user running apertium-dbus. There
is no possibility of any other issues because the log is never written to:
pabs@chianamo ~ $ sudo ln -s /home/pabs/foo /tmp/mode.log
pabs@chianamo ~ $ ls -l /home/pabs/foo /tmp/mode.log
ls: cannot access /home/pabs/foo: No such file or directory
lrwxrwxrwx 1 root root 14 Sep 5 23:09 /tmp/mode.log -> /home/pabs/foo
pabs@chianamo ~ $ apertium-tolk
/usr/bin/apertium-tolk:69: GtkWarning: IA__gtk_toolbar_set_icon_size: assertion
`icon_size != GTK_ICON_SIZE_INVALID' failed
self.glade = tolk.GladeXML(path) # Instantiate our custom Glade class which
extends the gtk.glade.GladeXML class
pabs@chianamo ~ $ ls -l /home/pabs/foo /tmp/mode.log
-rw-r----- 1 pabs pabs 0 Sep 5 23:09 /home/pabs/foo
lrwxrwxrwx 1 root root 14 Sep 5 23:09 /tmp/mode.log -> /home/pabs/foo
pabs@chianamo ~ $ file foo
foo: empty
pabs@chianamo ~ $ echo foo > foo
pabs@chianamo ~ $ ls -l /home/pabs/foo /tmp/mode.log
-rw-r----- 1 pabs pabs 4 Sep 5 23:10 /home/pabs/foo
lrwxrwxrwx 1 root root 14 Sep 5 23:09 /tmp/mode.log -> /home/pabs/foo
pabs@chianamo ~ $ cat foo
foo
pabs@chianamo ~ $ apertium-tolk
/usr/bin/apertium-tolk:69: GtkWarning: IA__gtk_toolbar_set_icon_size: assertion
`icon_size != GTK_ICON_SIZE_INVALID' failed
self.glade = tolk.GladeXML(path) # Instantiate our custom Glade class which
extends the gtk.glade.GladeXML class
pabs@chianamo ~ $ ls -l /home/pabs/foo /tmp/mode.log
-rw-r----- 1 pabs pabs 4 Sep 5 23:10 /home/pabs/foo
lrwxrwxrwx 1 root root 14 Sep 5 23:09 /tmp/mode.log -> /home/pabs/foo
pabs@chianamo ~ $ cat foo
foo
pabs@chianamo ~ $ grep -C2 log /usr/share/apertium/dbus-1/mode.py
import os.path as path
import os
import logging
import service
--
    service.quit()

def setup_logging():
    logging.basicConfig(level=logging.DEBUG,
                        format='%(asctime)s %(levelname)-8s %(message)s',
                        datefmt='%a, %d %b %Y %H:%M:%S',
                        filename='/tmp/mode.log',
                        filemode='w')

if __name__ == "__main__":
    setup_logging()
    objs = create_translation_objects()
    service.add_signal_receiver(quit_handler, dbus_interface =
                                "org.apertium.General", signal_name = "QuitSignal")
--
bye,
pabs
http://wiki.debian.org/PaulWise
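The root cause shown in the grep output above is `logging.basicConfig(filename='/tmp/mode.log', filemode='w')`: a fixed, predictable name in a world-writable directory, opened with a plain `open(..., 'w')` that follows whatever symlink is sitting there. The following is an added example (not apertium-dbus code, and not part of the bug report) that contrasts that pattern with a hardened `setup_logging()`: the log goes into a fresh `mkdtemp()` directory (mode 0700, unpredictable name) and is opened with `O_NOFOLLOW` so a planted symlink is refused with `ELOOP` instead of creating its target. The logger name `apertium_dbus_example` and the scratch directories are assumptions of the example.

```python
import errno
import logging
import os
import stat
import tempfile


def open_log_nofollow(path):
    """Open ``path`` for writing without following a symlink in the final
    path component. If someone has planted a symlink at ``path``, os.open
    fails with ELOOP and the link's target is never created."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)  # owner-only, even with a lax umask
    return os.fdopen(fd, "w")


def setup_logging(directory=None):
    """Hardened counterpart of the reported setup_logging(): instead of a
    fixed name under the shared /tmp, the log lives in a directory created
    by mkdtemp (mode 0700, unpredictable name) and is opened with
    O_NOFOLLOW. Returns (log_path, logger)."""
    if directory is None:
        directory = tempfile.mkdtemp(prefix="apertium-dbus-")
    log_path = os.path.join(directory, "mode.log")
    handler = logging.StreamHandler(open_log_nofollow(log_path))
    handler.setFormatter(logging.Formatter(
        "%(asctime)s %(levelname)-8s %(message)s", "%a, %d %b %Y %H:%M:%S"))
    logger = logging.getLogger("apertium_dbus_example")  # assumed name
    for old in logger.handlers[:]:  # make repeated calls idempotent
        logger.removeHandler(old)
        old.close()
    logger.addHandler(handler)
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    return log_path, logger


def demonstrate():
    """Replay the report inside a private scratch directory (constructed for
    this example): plant a symlink named mode.log that points at a file
    which does not exist yet, then compare the shipped open-with-'w'
    behaviour against open_log_nofollow."""
    workdir = tempfile.mkdtemp(prefix="symlink-demo-")
    link = os.path.join(workdir, "mode.log")
    target = os.path.join(workdir, "victim")
    os.symlink(target, link)

    # What logging.basicConfig(filename=..., filemode='w') effectively does:
    # open() follows the link and creates the empty target, as in the report.
    with open(link, "w"):
        pass
    unsafe_created_target = os.path.exists(target)
    if unsafe_created_target:
        os.unlink(target)

    # Hardened open: the symlink is refused and nothing is created.
    refused = False
    try:
        open_log_nofollow(link)
    except OSError as exc:
        refused = exc.errno == errno.ELOOP
    return {
        "unsafe_open_created_target": unsafe_created_target,
        "nofollow_refused": refused,
        "target_exists_after_nofollow": os.path.exists(target),
    }


def logging_self_check():
    """Exercise setup_logging() and report the permissions that matter."""
    log_path, logger = setup_logging()
    logger.debug("constructed test message")
    for h in logger.handlers:
        h.flush()
    with open(log_path) as fh:
        body = fh.read()
    return {
        "log_mode": stat.S_IMODE(os.stat(log_path).st_mode),
        "dir_mode": stat.S_IMODE(os.stat(os.path.dirname(log_path)).st_mode),
        "logged": "constructed test message" in body,
    }


if __name__ == "__main__":
    print(demonstrate())
    print(logging_self_check())
```

`O_NOFOLLOW` only protects the last path component; the reason the example also moves the file out of `/tmp` into a `mkdtemp()` directory is that a fixed name in a shared directory is the thing an attacker can pre-create in the first place. The simplest fix for the package itself remains the one the quoted report asks for: do not set up the log file at all if nothing writes to it.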